SkillGuard - Skill Security Scanner
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The package is internally consistent with a security-scanner purpose: it contains a static analysis tool and a set of malicious test cases intended for validation, and it does not request unrelated credentials or install arbitrary third-party code.
This skill appears to be a legitimate static security scanner and includes deliberately malicious test files to validate detections. Before running: (1) review scripts/skillguard.py locally to confirm it only performs static analysis (don't run unreviewed code as root); (2) run the scanner in an isolated environment (sandbox or VM), and do not execute the test scripts in a production environment; (3) do not allow any agent to auto-execute SKILL.md contents from other skills (the tests include prompt-injection comments and active exfiltration endpoints); (4) back up any baseline files if you care about them, and be cautious about using any future 'check-remote' or download features until they are implemented and audited. The package is coherent for its stated purpose, but exercise standard caution when running code that ships with embedded malicious examples.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.
